Lessons learned from the 7 major cyber security incidents of 2016

Tim Greene
Dec. 15, 2016

What to glean from the DNC and Yahoo hacks, the rise of ransomware.

Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet.

These incidents reveal technical flaws that can be addressed, and a failure to employ best practices that might have prevented some of them from happening.

The most important lesson is that cybersecurity is a perpetual battle in which neither side gets the upper hand for long and that requires constant incident post-mortems to discover the next measures to keep data and communications safe.

U.S. intelligence services say the hack was likely the work of Russian hackers with possible ties to top Kremlin officials, although the opinion is not unanimous. Trump disputes even that Russia was involved at all. President Barack Obama has called for a report on the incident before he leaves office next month, but it’s likely the true nature and impact of the breach won’t be known for long after that, if ever.

The case points up the general difficulty of attributing attacks to particular actors with incontrovertible evidence. Researchers at security vendors have attributed this compromise to Russian groups Cozy Bear and Fancy Bear based on its tactics and methods, but that doesn’t link it conclusively to the Russian government.

What the incident does show is that politically motivated attacks can be effective and can be carried out without leaving a smoking gun.

The attack exposes the influence foreign states can have over any country’s elections. More narrowly, candidates and their parties need to pay more attention to better network security if they hope to avoid this type of attack in the future, regardless of who the perpetrator is.

The attack on DNS provider Dyn was noteworthy for enlisting tens of thousands of internet of things (IoT) devices into a botnet that carried out much of the attack. Three waves of traffic hit Dyn on Oct. 21, each focusing on different Dyn data centers.

The attack was made more potent because once Dyn’s servers were flooded, DNS requests went unanswered long enough that the requesting machines (legitimate ones and bots alike) sent follow-up requests, compounding the traffic flood.